Free Trial

What’s Up with WhatsApp? Pegasus Spyware is Back

By Colm 14th May 2019

The recent WhatsApp Pegasus attack highlights the importance of mobile security

Following the discovery of a vulnerability (documented here) that allows the remote installation of spyware on mobile devices, WhatApp has issued a warning to all 1.5 billion of its users to update to the latest version of its app. Uncovered by WhatsApp in early May, the vulnerability was found to leverage a bug in the audio call feature of the app that enabled malicious actors to inject spyware onto the device, regardless of whether or not the call was actually picked up.

According to the Financial Times, the spyware used in the attack is believed to have been Israel-based NSO Group’s Pegasus. However, the group has so far denied having any knowledge of or involvement with this specific application of their software. Pegasus is a well known surveillance package that governments licence for crime fighting and anti-terror investigations. It can collect intimate data from a device, including location data and information recorded through the microphone and camera.

As the investigation is ongoing, it is still unclear exactly how many users have been affected by this latest attack. It is suspected that due to the non-trivial nature of the deployment, any attempts would have been limited to advanced and highly motivated actors targeting the sensitive communications of journalists, lawyers, activists, and human rights defenders. Nevertheless, WhatsApp quickly issued an update to disable the attack. They urged all users to upgrade to the latest app version to “protect against potential targeted exploits…on mobile devices”.

Significance for mobile users

As the line between personal and business usage blurs, our devices become more and more vulnerable to attack. The fact that the most widely used global messaging service can be compromised is a serious cause for concern.

Following the breach, Amnesty International expressed concern that hackers were able to “infect your phone without you actually taking action”. They refer to the fact that the user did not even need to answer the call for the spyware to infect the device. This highlights the huge risk that exists around the safety of personal and corporate data.

What can we do?

Mobile devices do not have security systems such as firewalls, web gateways, and endpoint protection platforms. They are especially vulnerable to threats such as phishing and malware infection. Attacks like this one disclosed today demonstrate that threats are no longer restricted to traditional means, like email and web browsers, but also to popular mobile services like social media and messaging apps.

To protect their devices, WhatsApp users should upgrade to the latest version of the app. Users should also ensure that their device is running the latest version of their mobile operating system.

Dedicated security software is also becoming a crucial aspect of mobile threat defense as mobile use continues to grow. For example, Corrata Security and Control provides protection from potential threats by checking every connection between the device and any external servers and blocking anything that seems suspicious. This prevents malware from getting onto the device. If a malicious code is already on the device, Corrata blocks this code from sending information back to its server.

 

To find out more visit www.corrata.com.

For more industry news, insights and analysis – follow us on Twitter and LinkedIn!